Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass MSSQL user database connection

  • 1.  ClearPass MSSQL user database connection

    Posted Mar 15, 2016 05:43 PM

    I want to add an MSSQL database as an Authentication Source for an SSID. I keep getting:

    2016-03-15 17:24:46,848[Th 273083 Req 14706798 SessId R0027a43e-12-56e87d9e] INFO RadiusServer.Radius - rlm_sql: searching for user arubasql in Sql:mssqlserver.company.name
    2016-03-15 17:24:46,849[Th 273083 Req 14706798 SessId R0027a43e-12-56e87d9e] ERROR RadiusServer.Radius - rlm_sql (authsrc_3030): Error parsing data from database
    2016-03-15 17:24:46,849[Th 273083 Req 14706798 SessId R0027a43e-12-56e87d9e] ERROR RadiusServer.Radius - rlm_sql (authsrc_3030): SQL query error; rejecting user

    I'm watching the packets go by (cleartext) with the correct SELECT statement and the reply from the server. I'm not getting any errors in the Attribute Filter section either. Not sure what I'm missing. My attribute filter looks like this:

    Screen Shot 2016-03-15 at 5.38.31 PM.png

    I thought that perhaps the driver was the issue because my database was SQL Server 2014, so I built a SQL Server 2012 but am getting the same error.

    Thanks



  • 2.  RE: ClearPass MSSQL user database connection
    Best Answer

    Posted Mar 21, 2016 05:08 PM

    In case anyone else runs into this, I did figure out my issue. I had to change my filter back so that pass was being picked up as User_Password. I also hadn't been positive about the Password Type field, if that was for the users in the database or for my initial connection to the database. It is for the users in the database.

    The other part that really confused me was the TCP/IP connection timeout errors I kept getting after trying to save my filter when my filter looked correct. After sniffing packets I finally figured out that although I had a port in the Port (Optional): field, the filter tab (which I was essentially using as a diagnostic tool) completely ignores the port field, at least for the MSSQL driver. The authentication was using the correct port, but that filter tab was using the default, so it kept throwing out errors. I'm running CPPM 6.5.5.78974. I set up a new database instance with default ports to not cause confusion going forward.